Mandrake alert: gaim update

Versions of Gaim (an AOL instant message client) prior to 0.58 contain a buffer overflow in the Jabber plug-in module. As well, a vulnerability was discovered in the URL-handling code, where the "manual" browser command passes an untrusted string to the shell without reliable quoting or escaping. This allows an attacker to execute arbitrary commands on the user's machine with the user's permissions. Those using the built-in browser commands are not vulnerable.
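The quoting problem described above goes away when the URL never reaches a shell. The sketch below is an added example, not Gaim's code and not taken from the advisory: it splits a user-configured browser command into an argument vector first and then places the URL as a single argument. The names `build_browser_argv`, `url_allowed`, `mybrowser` and the http/https allow-list are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ARGS 16

/* Accept only http/https URLs; this also rejects values starting with '-'
 * that a browser could mistake for an option. (Policy assumed here.) */
static int url_allowed(const char *url)
{
    return strncmp(url, "http://", 7) == 0 || strncmp(url, "https://", 8) == 0;
}

/* Split the user's command template on whitespace FIRST, then drop the URL
 * in as one whole argument where the "%s" token stands. No shell ever parses
 * the URL, so ';', '&', '`' and spaces in it stay literal.
 * Returns argc (argv is NULL-terminated, ready for execvp), or -1. */
int build_browser_argv(const char *tmpl, const char *url,
                       char *buf, size_t buflen, char *argv[], int max)
{
    int argc = 0, placed = 0;
    char *tok;

    if (!url_allowed(url) || strlen(tmpl) >= buflen)
        return -1;
    strcpy(buf, tmpl);
    for (tok = strtok(buf, " \t"); tok; tok = strtok(NULL, " \t")) {
        if (argc >= max - 1)
            return -1;
        if (strcmp(tok, "%s") == 0) {
            argv[argc++] = (char *)url;   /* one argument, never re-parsed */
            placed = 1;
        } else {
            argv[argc++] = tok;
        }
    }
    argv[argc] = NULL;
    return placed ? argc : -1;            /* template must contain "%s" */
}

int main(void)
{
    /* Constructed sample values, not taken from the advisory. */
    const char *url = "http://example.com/?q=a;b&c";
    char buf[128], *argv[MAX_ARGS];
    int i, argc = build_browser_argv("mybrowser --new-window %s", url,
                                     buf, sizeof buf, argv, MAX_ARGS);
    for (i = 0; i < argc; i++)
        printf("argv[%d] = [%s]\n", i, argv[i]);
    return argc == 3 ? 0 : 1;
}
```

The resulting vector is meant to be handed to `execvp()` in a forked child rather than to `system()` or `sh -c`.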
